Sign in to follow this  
staticnoise

Hijackthis log. Please Help.

Recommended Posts

Logfile of Trend Micro HijackThis v2.0.2

 

Scan saved at 1:21:52 PM, on 3/24/2008

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Boot mode: Normal

 

 

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

 

C:\WINDOWS\system32\winlogon.exe

 

C:\WINDOWS\system32\services.exe

 

C:\WINDOWS\system32\lsass.exe

 

C:\WINDOWS\system32\Ati2evxx.exe

 

C:\WINDOWS\system32\svchost.exe

 

C:\WINDOWS\System32\svchost.exe

 

C:\Program Files\Sygate\SSA\smc.exe

 

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

 

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

 

C:\WINDOWS\system32\spoolsv.exe

 

C:\Program Files\Connected\AgentSrv.EXE

 

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

 

C:\Program Files\Witness Systems\QM Agent\CaptureService.exe

 

C:\Program Files\LANDesk\Shared Files\residentagent.exe

 

C:\Program Files\Witness Systems\QM Agent\wcapw32.exe

 

c:\Program Files\Symantec AntiVirus\DefWatch.exe

 

C:\WINDOWS\SYSTEM32\DWRCS.EXE

 

C:\Program Files\LANDesk\LDClient\LocalSch.EXE

 

C:\WINDOWS\system32\CBA\pds.exe

 

C:\Program Files\LANDesk\LDClient\tmcsvc.exe

 

C:\PROGRA~1\LANDesk\LDClient\issuser.exe

 

c:\Program Files\Symantec AntiVirus\SavRoam.exe

 

C:\WINDOWS\system32\slClient.exe

 

C:\Program Files\LANDesk\LDClient\softmon.exe

 

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

c:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

C:\PROGRA~1\LANDesk\LDClient\collector.exe

 

C:\WINDOWS\system32\Ati2evxx.exe

 

C:\PROGRA~1\LANDesk\LDClient\rcgui.exe

 

C:\WINDOWS\system32\slagent.exe

 

C:\WINDOWS\Explorer.EXE

 

C:\WINDOWS\svchost.exe

 

C:\WINDOWS\SYSTEM32\DWRCST.exe

 

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

 

C:\PROGRA~1\SYMANT~1\VPTray.exe

 

C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe

 

C:\Program Files\QuickTime\QTTask.exe

 

C:\Program Files\iTunes\iTunesHelper.exe

 

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

 

C:\WINDOWS\system32\ctfmon.exe

 

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

C:\Program Files\Connected\CBSysTray.exe

 

C:\Program Files\iPod\bin\iPodService.exe

 

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

 

C:\Program Files\Java\j2re1.4.2_02\bin\javaw.exe

 

C:\CRM\Prod\lib\IeEmbed.exe

 

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

 

C:\Program Files\Mozilla Firefox\firefox.exe

 

C:\WINDOWS\system32\notepad.exe

 

C:\Program Files\Internet Explorer\iexplore.exe

 

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.corp.yahoo.com:1080

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll

 

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe

 

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

 

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll

 

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

 

O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

 

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

 

O4 - HKLM\..\Run: [bgInfo] bginfo.exe c:\windows\BGInfoYahoo.bgi /timer:0

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

 

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

 

O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe

 

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui

 

O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart

 

O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

 

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

 

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

 

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

 

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'SYSTEM')

 

O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')

 

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

 

O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Default user')

 

O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')

 

O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe

 

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

 

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

 

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

 

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

 

O16 - DPF: {1C1DE932-8D89-4C07-BF9C-D8627EDB4849} (Siebel High Interactivity Framework) - http://prissm.corp.yahoo.com/emedia_enu/18...x_HI_Client.cab

 

O16 - DPF: {1C3D6191-46F2-433A-9F76-F779A01135C6} (Siebel High Interactivity Framework) - http://prissm.corp.yahoo.com/emedia_enu/18...x_HI_Client.cab

 

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

 

O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} (Oracle JInitiator 1.1.8.18) - https://erpprod.fin.yahoo.com:8000/jinitiator/oajinit.exe

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093539677562

 

O16 - DPF: {9084FFEE-ACA8-405C-AA94-CE3E57651343} (Siebel Calendar) - http://prissm.corp.yahoo.com/emedia_enu/18...Ax_Calendar.cab

 

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

 

O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab

 

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com

 

O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com

 

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com

 

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE

 

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

 

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

 

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

 

O23 - Service: Capture Service (CaptureService) - Witness Systems, Inc. - C:\Program Files\Witness Systems\QM Agent\CaptureService.exe

 

O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe

 

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

 

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

 

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

 

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe

 

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE

 

O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE

 

O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe

 

O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe

 

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe

 

O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe

 

O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

 

O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe

 

O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\slClient.exe

 

O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe

 

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

 

O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe

 

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

 

O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

O24 - Desktop Component 1: (no name) - P:\CS Desktop Ref Tool\Desktop Ref Tool.html

 

 

 

--

 

End of file - 12822 bytes

Edited by staticnoise

Share this post


Link to post
Share on other sites

Hello, and welcome to the Lavasoft support forums :D

 

I apologize for the delay in responding to your thread. We get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know.. If not please perform the following below so I can have a look at the current condition of your machine.

 

Thanks and again sorry for the delay.

 

Please download Deckard's System Scanner (DSS) and save to your Desktop.

alternate download site

 

DSS will do the following:

  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for me to analyze.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.

  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized

    [*]If not, they both can be found in the C:\Deckard\System Scanner folder.

    [*]Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.

-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.

-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

 

 

Next

Please do an online scan with Kaspersky WebScanner

 

Click on Accept Button

 

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

    [*]Click OK

    [*]Now under select a target to scan:

      Select My Computer

    [*]This will program will start and scan your system.

    [*]The scan will take a while so be patient and let it run.

    [*]Once the scan is complete it will display if your system has been infected.

    • Now click on the Save as Text button:

    [*]Save the file to your desktop.

    [*]Copy and paste that information in your next post.

Many thanks.

Share this post


Link to post
Share on other sites

Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this